MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8da0c8e4b3fa6550fa7a04fd525ea52ac2773bc7c4b267ceb19775c0d4e20a64. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 9

SHA256 hash: 8da0c8e4b3fa6550fa7a04fd525ea52ac2773bc7c4b267ceb19775c0d4e20a64
SHA3-384 hash: 54db5dfd1ec0a464791d609881365a533aca85d4bed533eca2e4803e7dfe1193618e098569b1ea1d269a7d2861043685
SHA1 hash: 36bac6256a533c89d2d6552d3f7f3cd3e2df4d8e
MD5 hash: eddb2bdcd9e67ef674efd95b36b88438
humanhash: louisiana-wyoming-music-snake
File name: SecuriteInfo.com.BScope.Trojan.Woreflint.21965
Signature: AgentTesla
File size: 421'376 bytes
First seen: 2020-11-30 11:39:44 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: a69481701a63309c2ccd3f707a04e1ab (1 x Loki, 1 x AgentTesla, 1 x NanoCore)
ssdeep: 6144:knnLxWUJZVCkpYraE3OH8SAEwce1+H/ooV7IWxS4C3wWZ2JHCWgTxH8S:GnwUJZV9mXUAEE1+HQM7IA+p2HvCl
Threatray: 1'597 similar samples on MalwareBazaar
TLSH: 0794022039C1C4B3E2A951758879E7BA6A7AF8341E255ACB7FD403BD4F241D2CB35386
Reporter: SecuriteInfoCom
Tags: AgentTesla

Intelligence

File Origin
# of uploads: 1
# of downloads: 171
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request

Result
Verdict: UNKNOWN
Details
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: AgentTesla
Detection: malicious
Classification: troj.spyw.evad
Score: 100 / 100
Signature
Antivirus / Scanner detection for submitted sample
Detected unpacking (creates a PE file in dynamic memory)
Found malware configuration
Machine Learning detection for sample
Maps a DLL or memory area into another process
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected AgentTesla
Behaviour
Threat name: Win32.Trojan.AgentTesla
Status: Malicious
First seen: 2020-11-30 08:56:49 UTC
AV detection: 26 of 28 (92.86%)
Threat level: 5/5

Result
Malware family: agenttesla
Score: 10/10
Tags: family:agenttesla keylogger spyware stealer trojan
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla
Unpacked files
SHA256 hash: a0068674968f220bc384f452bf9cceb341dc7b0d142b5c89b788fba1cbcf4e1c
MD5 hash: 579090bdc84d67ff7099140b86743dd2
SHA1 hash: 0404e4e52e67c68213a44f19c3ac330027dba085

SHA256 hash: a971fe931557491d8790571e85c7a64423a4fea082caacb2318ceb35b64c9dc9
MD5 hash: 08a087ca51c099d6efb17af7c51bdfb8
SHA1 hash: f03e71c8e27e0103d3f6bf75ae0a2d8a671daa23

SHA256 hash: 8da0c8e4b3fa6550fa7a04fd525ea52ac2773bc7c4b267ceb19775c0d4e20a64
MD5 hash: eddb2bdcd9e67ef674efd95b36b88438
SHA1 hash: 36bac6256a533c89d2d6552d3f7f3cd3e2df4d8e
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: ach_AgentTesla_20200929
Author: abuse.ch
Description: Detects AgentTesla PE

Rule name: win_agent_tesla_v1
Author: Johannes Bader @viql
Description: detects Agent Tesla

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: AgentTesla
Sample: Executable exe 8da0c8e4b3fa6550fa7a04fd525ea52ac2773bc7c4b267ceb19775c0d4e20a64 (this sample)

Delivery method
Distributed via web download

Comments